Mark Minasi's Tech Forum
Register Calendar Latest Topics
 
 
 


Reply
  Author   Comment  
jsclmedave

Administrator
Registered:
Posts: 446
Reply with quote  #1 

It was suggested by a Vendor that for their application to run properly the Service Accounts (Which Is Set to Allow Logon Locally) needs to have IE Proxy Settings Set so that Web Scans can be performed correctly.  Since they are not actually Logging Into the Server the User Defined GP Proxy settings is not being set and the application is not able to perform the Web Scan during the allotted time.

It was suggested just setting the Proxy Rule as a Computer Configuration instead of a User Defined setting.


So I found this,,, Make proxy settings per-machine (rather than per-user)

However I do not understand where I am supposed to set the Path for the .DAT file that they use via -

  • Internet Options
  • Connections
  • Lan Settings
  • Use Automatic Configuration Script
  • Address: http://BigProxy.Dog.Net/WPad.dat


Applies proxy settings to all users of the same computer.

If you enable this policy, users cannot set user-specific proxy settings. They must use the zones created for all users of the computer.

If you disable this policy or do not configure it, users of the same computer can establish their own proxy settings.

This policy is intended to ensure that proxy settings apply uniformly to the same computer and do not vary from user to user. 

=== Detailed values: === 

Enabled Value:
decimal: 0

Disabled Value:
decimal: 1

__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
wkasdo

Avatar / Picture

Administrator
Registered:
Posts: 199
Reply with quote  #2 
You can set a machine level proxy like this: https://technet.microsoft.com/nl-nl/library/bb430772(v=exchg.141).aspx
__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
jsclmedave

Administrator
Registered:
Posts: 446
Reply with quote  #3 
Quote:
Originally Posted by wkasdo
You can set a machine level proxy like this: https://technet.microsoft.com/nl-nl/library/bb430772(v=exchg.141).aspx


Apologies for the confusion  Perhaps I am asking this the wrong way...

Since these accounts are Service Accounts set to Log On Locally to run the Application they are not pulling down any Domain Level GP's where the settings for <see below> have been set.
  • Internet Options
  • Connections
  • Lan Settings
  • Use Automatic Configuration Script
  • Address: http://BigProxy.Dog.Net/WPad.dat

This DAT file needs to be used regardless of which URL the Application Player is being directed too...  Since there are hundreds of target URLs, which can change daily, adding each to Local is not an option.


I do not see a way to SET the Address: http://BigProxy.Dog.Net/WPad.dat in the Setting (GUI view) of Use Automatic Configuration Script...

Code:
I have made a Registry Addition to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings - 
  • AutoConfigURL:  http://BigProxy.Dog.Net/WPad.dat
  • AutoConfigURLSave:  http://BigProxy.Dog.Net/WPad.dat
  • ProxyEnable: 0x00000000 (0)


CORRECTION!  Registry Addition Made To:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings - 
  • AutoConfigProxy: wininet.dll
  • AutoConfigURL:  http://BigProxy.Dog.Net/WPad.dat
  • AutoConfigURLSave:  http://BigProxy.Dog.Net/WPad.dat
  • EnableHttp1_1: 0x00000001 (1)
  • EnableNegotiate: 0x00000001 (1)
  • ProxyEnable: 0x00000001 (1)
  • ProxyHttp1.1: 0x00000001 (1)

Local GPO - 

Make proxy settings per-machine (rather than per-user)Not configured:  No

 


So that is where I am at now, testing and waiting.

Next is to get the Vendor back on the phone (again!) and have them actually explain how to deploy their configuration from end to end...

This is NOT documented on their site right now since the Application used to be a Snap-In to a bigger sub-application.  The documentation for that is NOT the same for the NEW Stand Alone Application...



__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
donoli

Senior Member
Registered:
Posts: 530
Reply with quote  #4 
Here's something that I had read about wpad which you may know already.

WPAD is short for "Web Proxy Autodiscovery Protocol", and is a method for Windows machines to detect which machine to use as proxy for HTTP(S) traffic.

The process of finding a web proxy with WPAD basically works like this:

  1. Did I receive a WPAD entry in my DHCP lease?
    If yes, then jump to #4.
  2. Ask the DNS server who is called "wpad" (or wpad.[mydomain.com]).
    Jump to #4 if a the lookup was successful.
  3. Broadcast a NetBIOS Name Service message and ask for "WPAD".
    Continue to #4 if anyone on the network claims to be called "WPAD", otherwise don't use any web proxy.
  4. Download the file hxxp://wpad/wpad.dat
  5. Use IP address defined in wpad.dat as the web proxy for all HTTP and HTTPS web traffic.
0
jsclmedave

Administrator
Registered:
Posts: 446
Reply with quote  #5 
Just to add...

There are multiple Proxy Server IPs listed in the Wpad.Dat file.  There is no way to determine which will be used for each of our Global URLs that is being scanned, which is why they use the Wpad.Dat as a User Enforced GP Proxy Setting.

Using Netsh I am only able to add a single Proxy onto a Player Server, that is not going to work since there will be hundreds of URL scans going all over the place on each Player
Server..


This is for SolarWinds WPM Application.  It is a Web Page Monitor...   WPM ONLY!   This is a new standalone version that does NOT require NPM to be installed...

__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.